Businesses in many customer service and consumer retail sectors often handle sensitive customer information such as credit card numbers, bank account numbers, social security numbers, phone numbers, addresses, email addresses, birthdates, passwords, and other sensitive information. This information may often be stored in databases owned by a business and/or transported across networks (LANs, WANs, the Internet, or the like). Often, this customer information may be used in various processes. For example, a customer's credit card information and address may be used while processing a credit card transaction for an online purchase. As another example, a customer's social security number and date of birth may be used as part of a credit check process for determining if a new bank account, line of credit, or other financial product may be provided to the customer. Due to the sensitive nature of this customer information, security of such information may be vital.
Often, processes that involve the handling, processing, storage, or communication of sensitive customer information may include a level of risk. In some instances, it may be difficult to identify risk factors associated with a particular process or set of processes. It may also be difficult to identify processes or sets of processes that may be in need of risk reduction measures.